Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-14 Thread lofyer

Sun Java Access System Manager


On 14-10-14 1:52 PM, Yair Zaslavsky wrote:


- Original Message -

From: lofyer lof...@gmail.com
To: users users@ovirt.org
Sent: Tuesday, October 14, 2014 5:10:56 AM
Subject: [ovirt-users] How to mapping LDAP users in AAA

I've got an LDAP server without Kerberos and I am trying to integrate
its users to oVirt-3.5 with AAA.
==

Which ldap server is that, what vendor?


/etc/ovirt-engine/aaa/example.properties:

include = openldap.properties

vars.user = cn=directory manager
vars.password = mypassword
vars.server = example.com

#pool.default.ssl.startTLS = false
#pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
#pool.default.ssl.truststore.password = admin

pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
==

This is my basic ldap information:

ou=Groups
|
+ cn=UserGroup1
|
+ cn=UserGroup2

ou=UserGroup1
|
+ cn=user1
|
+ cn=user2


ou=UserGroup2
|
+ cn=user3
|
+ cn=user4

==

Now I can see example.com in web portal but I cannot list users in UG1
or UG2.

I find that I could map DN, ID NAME, DISPLAY in the config file. What
should I add in the config file then?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users





Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-14 Thread Alon Bar-Lev


- Original Message -
 From: lofyer lof...@gmail.com
 To: users users@ovirt.org
 Sent: Tuesday, October 14, 2014 5:10:56 AM
 Subject: [ovirt-users] How to mapping LDAP users in AAA
 
 I've got an LDAP server without Kerberos and I am trying to integrate
 its users to oVirt-3.5 with AAA.
 ==
 /etc/ovirt-engine/aaa/example.properties:

You need to create two extensions, one for authentication and another for 
authorization at /etc/ovirt-engine/extensions.d/, see [1]; both should refer to 
your example.properties.

But I see you created these based on below.

[1] 
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l17

 
 include = openldap.properties
 
 vars.user = cn=directory manager

are you sure this ^ is the full dn of the user?

 vars.password = mypassword
 vars.server = example.com
 
 #pool.default.ssl.startTLS = false
 #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
 #pool.default.ssl.truststore.password = admin
 
 pool.default.serverset.single.server = ${global:vars.server}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}
 ==
 
 This is my basic ldap information:
 
 ou=Groups
 |
 + cn=UserGroup1
 |
 + cn=UserGroup2
 
 ou=UserGroup1
 |
 + cn=user1
 |
 + cn=user2
 
 
 ou=UserGroup2
 |
 + cn=user3
 |
 + cn=user4
 
 ==
 
 Now I can see example.com in web portal but I cannot list users in UG1
 or UG2.

in admin portal?

 
 I find that I could map DN, ID NAME, DISPLAY in the config file. What
 should I add in the config file then?

you do not need to touch these...

1. which version of ovirt-engine do you use?
2. which version of ovirt-engine-extension-aaa-ldap do you use?

what is your root dse?

$ ldapsearch -H ldap://example.com -b '' -x -D 'cn=directory manager' -w 
mypassword -s BASE 

seek namingContexts it should contain first entry a suffix for all objects.

if you try to search users within Users add tab within webadmin and find 
nothing and rootdse is ok please modify 
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in and set:

  <file-handler name="SERVER">   <--- find this
    <level name="FINEST"/>   <--- modify this


  <logger category="org.ovirt.engineextensions.aaa.ldap">   <--- add this
    <level name="FINEST"/>   <--- add this
  </logger>  <--- add this
  <logger category="com.arjuna">  <--- find this


stop engine
remove /var/log/ovirt-engine/engine.log
start engine
try to search
send me engine.log

Regards,
Alon


Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-14 Thread Alon Bar-Lev


- Original Message -
 From: lofyer lof...@gmail.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: users users@ovirt.org
 Sent: Tuesday, October 14, 2014 9:29:57 AM
 Subject: Re: [ovirt-users] How to mapping LDAP users in AAA
 
 Sun Java Access System Manager

this is not openldap... why do you use openldap profile?

please attach full export of this ldap server, output of:

rootdse:
$ ldapsearch -H ldap://example.com -b '' -x -D 'cn=directory manager' -w 
mypassword -s BASE

entities:
$ ldapsearch -o ldif-wrap=no -E pr=100/noprompt -H ldap://example.com -x -D 
'cn=directory manager' -w mypassword -b NAMING_CONTEXT

 
 
 On 14-10-14 1:52 PM, Yair Zaslavsky wrote:
 
  - Original Message -
  From: lofyer lof...@gmail.com
  To: users users@ovirt.org
  Sent: Tuesday, October 14, 2014 5:10:56 AM
  Subject: [ovirt-users] How to mapping LDAP users in AAA
 
  I've got an LDAP server without Kerberos and I am trying to integrate
  its users to oVirt-3.5 with AAA.
  ==
  Which ldap server is that, what vendor?
 
  /etc/ovirt-engine/aaa/example.properties:
 
  include = openldap.properties
 
  vars.user = cn=directory manager
  vars.password = mypassword
  vars.server = example.com
 
  #pool.default.ssl.startTLS = false
  #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
  #pool.default.ssl.truststore.password = admin
 
  pool.default.serverset.single.server = ${global:vars.server}
  pool.default.auth.simple.bindDN = ${global:vars.user}
  pool.default.auth.simple.password = ${global:vars.password}
  ==
 
  This is my basic ldap information:
 
  ou=Groups
  |
  + cn=UserGroup1
  |
  + cn=UserGroup2
 
  ou=UserGroup1
  |
  + cn=user1
  |
  + cn=user2
 
 
  ou=UserGroup2
  |
  + cn=user3
  |
  + cn=user4
 
  ==
 
  Now I can see example.com in web portal but I cannot list users in UG1
  or UG2.
 
  I find that I could map DN, ID NAME, DISPLAY in the config file. What
  should I add in the config file then?
 
 
 


Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-14 Thread lofyer
Subject: Re: [ovirt-users] How to mapping LDAP users in AAA

Sun Java Access System Manager

this is not openldap... why do you use openldap profile?

please attach full export of this ldap server, output of:

rootdse:
$ ldapsearch -H ldap://example.com -b '' -x -D 'cn=directory manager' -w 
mypassword -s BASE

entities:
$ ldapsearch -o ldif-wrap=no -E pr=100/noprompt -H ldap://example.com -x -D 
'cn=directory manager' -w mypassword -b NAMING_CONTEXT



On 14-10-14 1:52 PM, Yair Zaslavsky wrote:

- Original Message -

From: lofyer lof...@gmail.com
To: users users@ovirt.org
Sent: Tuesday, October 14, 2014 5:10:56 AM
Subject: [ovirt-users] How to mapping LDAP users in AAA

I've got an LDAP server without Kerberos and I am trying to integrate
its users to oVirt-3.5 with AAA.
==

Which ldap server is that, what vendor?


/etc/ovirt-engine/aaa/example.properties:

include = openldap.properties

vars.user = cn=directory manager
vars.password = mypassword
vars.server = example.com

#pool.default.ssl.startTLS = false
#pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
#pool.default.ssl.truststore.password = admin

pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
==

This is my basic ldap information:

ou=Groups
|
+ cn=UserGroup1
|
+ cn=UserGroup2

ou=UserGroup1
|
+ cn=user1
|
+ cn=user2


ou=UserGroup2
|
+ cn=user3
|
+ cn=user4

==

Now I can see example.com in web portal but I cannot list users in UG1
or UG2.

I find that I could map DN, ID NAME, DISPLAY in the config file. What
should I add in the config file then?







Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-14 Thread Alon Bar-Lev

Hi,

In order to help and create a profile for this variant I need the full output 
of:

$ ldapsearch  -E pr=100/noprompt -o ldif-wrap=no -H ldap://ids.sdju.edu.cn -x 
-D 'cn=directory manager' -w mypassword -b 'dc=sdju,dc=edu,dc=cn'

Please do not paste but paste.

You can send me privately.

Regards,
Alon

- Original Message -
 From: lofyer lof...@gmail.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: Yair Zaslavsky yzasl...@redhat.com, users users@ovirt.org
 Sent: Tuesday, October 14, 2014 12:22:03 PM
 Subject: Re: [ovirt-users] How to mapping LDAP users in AAA
 
 Yes, I do add authz and authn in /etc/ovirt-engine/extension.d/ like this
 
 ==
 /etc/ovirt-engine/extensions.d/authn-sdju.edu.cn.properties:
 
 ovirt.engine.extension.name = authn-sdju.edu.cn
 ovirt.engine.extension.bindings.method = jbossmodule
 ovirt.engine.extension.binding.jbossmodule.module =
 org.ovirt.engine-extensions.aaa.ldap
 ovirt.engine.extension.binding.jbossmodule.class =
 org.ovirt.engineextensions.aaa.ldap.AuthnExtension
 ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
 ovirt.engine.aaa.authn.profile.name = sdju.edu.cn
 ovirt.engine.aaa.authn.authz.plugin = authz-sdju.edu.cn
 config.profile.file.1 = /etc/ovirt-engine/aaa/sdju.edu.cn.properties
 ==
 /etc/ovirt-engine/extensions.d/authz-sdju.edu.cn.properties:
 
 ovirt.engine.extension.name = authz-sdju.edu.cn
 ovirt.engine.extension.bindings.method = jbossmodule
 ovirt.engine.extension.binding.jbossmodule.module =
 org.ovirt.engine-extensions.aaa.ldap
 ovirt.engine.extension.binding.jbossmodule.class =
 org.ovirt.engineextensions.aaa.ldap.AuthzExtension
 ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
 config.profile.file.1 = /etc/ovirt-engine/aaa/sdju.edu.cn.properties
 ==
 
 And here's my log:
 
 ldapsearch -H ldap://ids.sdju.edu.cn -b '' -D 'cn=directory manager' -w
 mypassword -s BASE
 # extended LDIF
 #
 # LDAPv3
 # base  with scope baseObject
 # filter: (objectclass=*)
 # requesting: ALL
 #
 
 #
 dn:
 objectClass: top
 namingContexts: dc=sdju,dc=edu,dc=cn
 namingContexts: o=NetscapeRoot
 supportedExtension: 2.16.840.1.113730.3.5.7
 supportedExtension: 2.16.840.1.113730.3.5.8
 supportedExtension: 2.16.840.1.113730.3.5.3
 supportedExtension: 2.16.840.1.113730.3.5.5
 supportedExtension: 2.16.840.1.113730.3.5.6
 supportedExtension: 2.16.840.1.113730.3.5.4
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.1
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.2
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.3
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.4
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.5
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.6
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.7
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.8
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.9
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.11
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.12
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.13
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.14
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.15
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.16
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.17
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.18
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.19
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.21
 supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.22
 supportedExtension: 1.3.6.1.4.1.4203.1.11.3
 supportedControl: 2.16.840.1.113730.3.4.2
 supportedControl: 2.16.840.1.113730.3.4.3
 supportedControl: 2.16.840.1.113730.3.4.4
 supportedControl: 2.16.840.1.113730.3.4.5
 supportedControl: 1.2.840.113556.1.4.473
 supportedControl: 2.16.840.1.113730.3.4.9
 supportedControl: 2.16.840.1.113730.3.4.16
 supportedControl: 2.16.840.1.113730.3.4.15
 supportedControl: 2.16.840.1.113730.3.4.17
 supportedControl: 2.16.840.1.113730.3.4.19
 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2
 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.6
 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
 supportedControl: 2.16.840.1.113730.3.4.14
 supportedControl: 1.3.6.1.4.1.1466.29539.12
 supportedControl: 2.16.840.1.113730.3.4.12
 supportedControl: 2.16.840.1.113730.3.4.18
 supportedControl: 2.16.840.1.113730.3.4.13
 supportedSASLMechanisms: EXTERNAL
 supportedSASLMechanisms: DIGEST-MD5
 supportedLDAPVersion: 2
 supportedLDAPVersion: 3
 vendorName: Sun Microsystems, Inc.
 vendorVersion: Sun Java(TM) System Directory Server/5.2_Patch_4
 dataversion: 020121212071504020121212071504
 netscapemdsuffix: cn=ldap://dc=ids1,dc=sdju,dc=edu,dc=cn:389
 
 # search result
 search: 2
 result: 0 Success
 
 # numResponses: 2
 # numEntries: 1
 ==
   ldapsearch  -E pr=100/noprompt -H ldap://ids.sdju.edu.cn -x -D
 'cn=directory manager' -w mypassword -b ou=JZG,dc=sdju,dc=edu,dc=cn
 # extended LDIF
 #
 # LDAPv3
 # base ou=JZG,dc=sdju,dc=edu,dc=cn with scope subtree
 # filter: (objectclass=*)
 # requesting: ALL
 # with pagedResults
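The checks Alon asks for in this thread (what the rootDSE's namingContexts are, whether the bind DN is the full DN, and whether an openldap profile fits a server whose vendorName is Sun) collected into one preflight script. This is an added example, not code from the thread or from ovirt-engine-extension-aaa-ldap. The embedded profile and rootDSE LDIF are trimmed copies of what lofyer posted, the search base is the one from his second ldapsearch, and the `preflight` function with its severity categories is an assumption of this example, not an oVirt API.

```python
"""Preflight checks for an oVirt aaa-ldap profile against an LDAP rootDSE.

Added example (not code from the thread or from ovirt-engine-extension-aaa-ldap):
resolves ${global:vars.*} references in a profile written like the one in the
thread, parses the LDIF printed by `ldapsearch -b '' -s BASE`, and reports the
points raised in the thread (namingContexts, vendor vs. included profile, DNs).
"""
import re
from collections import defaultdict

VAR_REF = re.compile(r"\$\{global:([^}]+)\}")

# Constructed sample input: trimmed copy of the profile posted in the thread.
PROFILE = """
include = openldap.properties
vars.user = cn=directory manager
vars.password = mypassword
vars.server = ids.sdju.edu.cn
#pool.default.ssl.startTLS = false
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
"""

# Constructed sample input: trimmed copy of the rootDSE output posted in the thread.
ROOTDSE = """
# extended LDIF
dn:
objectClass: top
namingContexts: dc=sdju,dc=edu,dc=cn
namingContexts: o=NetscapeRoot
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
vendorName: Sun Microsystems, Inc.
"""

SEARCH_BASE = "ou=JZG,dc=sdju,dc=edu,dc=cn"  # base used in the second ldapsearch


def parse_profile(text):
    """Parse 'key = value' lines (comments skipped) and resolve ${global:key}."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")  # split at the first '=' only
            props[key.strip()] = value.strip()
    changed = True
    while changed:  # references may chain, so repeat until nothing changes
        changed = False
        for key, value in list(props.items()):
            new = VAR_REF.sub(lambda m: props.get(m.group(1), m.group(0)), value)
            if new != value:
                props[key], changed = new, True
    return props


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}; '#' comments are skipped."""
    attrs = defaultdict(list)
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            attrs[name.strip()].append(value.strip())
    return dict(attrs)


def dn_rdns(dn):
    """Split a DN on unescaped commas into lowercased RDNs (no quoting support)."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]


def under_naming_context(dn, contexts):
    """True when dn equals or lies beneath one of the server's namingContexts."""
    rdns = dn_rdns(dn)
    for ctx in contexts:
        tail = dn_rdns(ctx)
        if tail and len(rdns) >= len(tail) and rdns[-len(tail):] == tail:
            return True
    return False


def preflight(props, rootdse, search_base):
    """Return (severity, message) findings; the categories are this example's own."""
    findings = []
    contexts = rootdse.get("namingContexts", [])
    if not contexts:
        findings.append(("error", "rootDSE lists no namingContexts"))
    vendor = " ".join(rootdse.get("vendorName", []))
    include = props.get("include", "")
    if "openldap" in include.lower() and vendor and "openldap" not in vendor.lower():
        findings.append(("warn", f"profile includes {include} but vendorName is {vendor!r}"))
    bind_dn = props.get("pool.default.auth.simple.bindDN", "")
    if bind_dn and not under_naming_context(bind_dn, contexts):
        findings.append(("warn", f"bind DN {bind_dn!r} is under no namingContext; confirm it is the full DN"))
    if not under_naming_context(search_base, contexts):
        findings.append(("error", f"search base {search_base!r} is outside every namingContext"))
    if not any(k.startswith("pool.default.ssl.") for k in props):
        findings.append(("info", "no pool.default.ssl.* keys here; unless the included profile "
                                 "enables TLS, the simple bind sends the password in clear text"))
    return findings


def run_example():
    """Run the checks on the embedded sample input and return the findings."""
    return preflight(parse_profile(PROFILE), parse_ldif_entry(ROOTDSE), SEARCH_BASE)
```

On the sample input this yields two warnings (openldap profile against a Sun server, bind DN `cn=directory manager` under no naming context) and one informational note about TLS; the search base `ou=JZG,dc=sdju,dc=edu,dc=cn` passes because it sits under the first namingContext, which is the suffix Alon says the profile should work from. Against a live server, feed it the real `ldapsearch -b '' -s BASE` output instead of the constant.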

[ovirt-users] How to mapping LDAP users in AAA

2014-10-13 Thread lofyer
I've got an LDAP server without Kerberos and I am trying to integrate 
its users to oVirt-3.5 with AAA.

==
/etc/ovirt-engine/aaa/example.properties:

include = openldap.properties

vars.user = cn=directory manager
vars.password = mypassword
vars.server = example.com

#pool.default.ssl.startTLS = false
#pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
#pool.default.ssl.truststore.password = admin

pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
==

This is my basic ldap information:

ou=Groups
|
+ cn=UserGroup1
|
+ cn=UserGroup2

ou=UserGroup1
|
+ cn=user1
|
+ cn=user2


ou=UserGroup2
|
+ cn=user3
|
+ cn=user4

==

Now I can see example.com in web portal but I cannot list users in UG1 
or UG2.


I find that I could map DN, ID NAME, DISPLAY in the config file. What 
should I add in the config file then?



Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-13 Thread Yair Zaslavsky


- Original Message -
 From: lofyer lof...@gmail.com
 To: users users@ovirt.org
 Sent: Tuesday, October 14, 2014 5:10:56 AM
 Subject: [ovirt-users] How to mapping LDAP users in AAA
 
 I've got an LDAP server without Kerberos and I am trying to integrate
 its users to oVirt-3.5 with AAA.
 ==

Which ldap server is that, what vendor?

 /etc/ovirt-engine/aaa/example.properties:
 
 include = openldap.properties
 
 vars.user = cn=directory manager
 vars.password = mypassword
 vars.server = example.com
 
 #pool.default.ssl.startTLS = false
 #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
 #pool.default.ssl.truststore.password = admin
 
 pool.default.serverset.single.server = ${global:vars.server}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}
 ==
 
 This is my basic ldap information:
 
 ou=Groups
 |
 + cn=UserGroup1
 |
 + cn=UserGroup2
 
 ou=UserGroup1
 |
 + cn=user1
 |
 + cn=user2
 
 
 ou=UserGroup2
 |
 + cn=user3
 |
 + cn=user4
 
 ==
 
 Now I can see example.com in web portal but I cannot list users in UG1
 or UG2.
 
 I find that I could map DN, ID NAME, DISPLAY in the config file. What
 should I add in the config file then?
 